Phpgurukul Pre-School Enrollment System SQL Injection Vulnerability in Password Recovery Feature

Vulnerability

A SQL injection vulnerability has been identified in version 1.0 of the Phpgurukul Pre-School Enrollment System. The issue resides in the admin/password-recovery.php file, where user input for the username parameter is inadequately validated. This flaw allows attackers to inject malicious SQL queries, potentially leading to unauthorized database access, data manipulation, and exploitation of the underlying system.

Impact

Exploitation of this vulnerability could allow attackers to access the database without authorization, modify or delete data, leak sensitive information, gain control over the system, and disrupt services.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /admin/password-recovery.php endpoint with a crafted payload in the username parameter. Applicable SQL injection techniques include boolean-based blind, error-based, and time-based blind payloads. This can be done manually or with automated tools like sqlmap.

Remediation

To address this vulnerability, developers should implement prepared statements and parameter binding to prevent SQL injection, conduct thorough input validation and filtering, and minimize database user permissions to the least required for operations.
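
The sketch below shows the first two remediation steps applied to a username lookup. It is an added example, not code from the Pre-School Enrollment System: the admin_users table, its columns, the function names and the in-memory SQLite database are assumptions chosen so the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and function names are hypothetical.

function open_demo_db(): PDO
{
    // In-memory SQLite stands in for the application's database so this runs offline.
    // In production, connect with an account granted only what this page needs.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin_users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
    $pdo->exec("INSERT INTO admin_users (username) VALUES ('admin')"); // constructed row
    return $pdo;
}

function is_valid_username(string $username): bool
{
    // Allow-list on shape and length; reject everything else before querying.
    return preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $username) === 1;
}

function find_admin_id(PDO $pdo, string $username): ?int
{
    if (!is_valid_username($username)) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text: it is bound as data,
    // so quotes or SQL keywords in it cannot change the statement.
    $stmt = $pdo->prepare('SELECT id FROM admin_users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

$pdo = open_demo_db();
// Constructed inputs: a known user, an unknown user, and a value containing a quote.
foreach (['admin', 'nobody', "o'brien"] as $candidate) {
    $found = find_admin_id($pdo, $candidate) !== null;
    printf("%-8s valid=%s found=%s\n", $candidate,
        is_valid_username($candidate) ? 'yes' : 'no', $found ? 'yes' : 'no');
}
```

In the real handler the value passed to find_admin_id() would be the username field of the POST request; validation narrows what reaches the database, while the bound parameter is what prevents injection.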

Added: Jul 29, 2025, 7:17 PM
Updated: Jul 29, 2025, 8:34 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 7.5
exploitability: 9.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.